Board designs, FPGA verilog, firmware for TKey, the flexible and open USB security key
Go to file
Daniel Jobson 559924868e
Move the boards folder to new repositories
To simplify versioning and isolate the different parts of the projects
to their own repositories, these hardware parts are moved to separate
locations.

- tk1, mta1-usb-dev, mta-usb-v1 and mta1-library moves to
  https://github.com/tillitis/tk1-pcba
- tp1, mta1-usb-programmer, mta1-library and KiCad-RP Pico moves to
  https://github.com/tillitis/tp1
- Relevant documentation referring to these boards are also moved to the
  new repositories, links are updated to point to the new location
- The CERN-OHL-S license is removed from this repo
- CI is no longer building the TP1 firmware
2024-10-17 16:21:24 +02:00
.github/workflows Move the boards folder to new repositories 2024-10-17 16:21:24 +02:00
contrib Update toolchain with new versions of FPGA tools and remove fw/apps/programmer toolschains 2024-10-16 18:43:29 +02:00
doc Move the boards folder to new repositories 2024-10-17 16:21:24 +02:00
hw Move the boards folder to new repositories 2024-10-17 16:21:24 +02:00
LICENSES Move the boards folder to new repositories 2024-10-17 16:21:24 +02:00
.editorconfig Help our editors fight less 2022-09-21 14:47:24 +02:00
.gitattributes Make initial public release 2022-09-19 08:51:11 +02:00
.gitignore Move the boards folder to new repositories 2024-10-17 16:21:24 +02:00
dco.md Add dco file and link to the dco in README 2022-11-21 13:47:42 +01:00
README.md Move the boards folder to new repositories 2024-10-17 16:21:24 +02:00

ci

Tillitis TKey

Introduction

The Tillitis TKey is a new kind of USB security token. What makes the TKey unique is that it allows a user to load and run applications on the device, while still providing security. This allow for open-ended, flexible usage. Given the right application, the TKey can support use cases such as SSH login, Ed25519 signing, Root of Trust, FIDO2, TOTP, Passkey, and more.

During the load operation, the device measures the application (calculates a cryptographic hash digest over it) before running it on the open hardware security processor. This measurement is similar to TCG DICE.

Each TKey device contains a Unique Device Secret (UDS), which together with the application measurement, and an optional User-Supplied Secret (USS), is used to derive key material unique to each application. This guarantees that if the integrity of the application loaded onto the device has been tampered with, the correct keys needed for an authentication will not be generated.

Key derivation with a User-Supplied Secret allows users to build and load their own apps, while ensuring that each app loaded will have its own cryptographic identity, and can also be used for authentication towards different services.

The TKey platform is based around a 32-bit RISC-V processor and has 128 KB of RAM. Firmware can load and start an app that is as large as RAM.

All of the TKey software, firmware, FPGA Verilog source code, schematics and PCB design files are open source. Like all trustworthy security software and hardware should be. This in itself makes it different, as other security tokens utilize at least some closed source hardware for its security-critical operations.

Tillitis Key 1 PCB, first implementation The TK1 PCB, the first implementation of the TKey.

Getting started

The official website is tillitis.se.

The Tkey can be purchased at shop.tillitis.se.

TKey software developer documentation is available in the TKey Developer Handbook.

Specific documentation regarding implementation is kept close to the code/design in README files, typically in the same directory.

Tkey Device Apps

Officially supported apps can be found at tillitis.se

The source and other projects from us can be found here at our GitHub.

Other known (but not all) projects can be found at dev.tillitis.se.

PCB and programmer

The TKey PCB KiCad design files are kept in a separate repository:

https://github.com/tillitis/tk1-pcba

The TP1 (TKey programmer 1) PCB design files and firmware are kept in:

https://github.com/tillitis/tp1

Note that development is ongoing. To avoid unexpected changes of derived key material, please use a tagged release. Read the Release Notes to keep up to date with changes and new releases.

About this repository

This repository contains the FPGA design, firmware/bootloader, and the USB controller firmware.

The PCB design files, device and client applications are kept in other repositories. See:

https://github.com/tillitis

Licensing

See LICENSES for more information about the projects' licenses.

All contributors must adhere to the Developer Certificate of Origin.